After Install and Configure IIS Web Server on Windows Server, I wanted to add an SSL/TLS certificate to a website on the IIS web server. This is the step-by-step procedure to add the certificate. Open Server Manager on the Windows server and, from Tools, click Internet Information Services (IIS) Manager.
In IIS Manager, click the server, then go to Server Certificates and click Open Feature in the Actions pane.
Next, on the Server Certificates page, click Create Certificate Request to generate the CSR file.
Next, fill in the SSL certificate's distinguished name properties. In the Request Certificate dialog, specify the required information for the certificate: Common name, Organizational unit, City/locality, State/province and Country/region. State/province and City/locality must be specified as official names and cannot contain abbreviations. On the Cryptographic Service Provider Properties page, select a cryptographic service provider and a bit length. The bit length of the encryption key determines the certificate's encryption strength. The greater the bit length, the stronger the security. However, a greater bit length may decrease performance.
I kept Microsoft RSA SChannel Cryptographic Provider selected, with a bit length of 2048.
Finally, specify the file name for the certificate request. This information can be sent to a certification authority for signing. I opened the CSR text file in Notepad; the content of the file will be required later, so copy the complete content from Begin to End.
I have a Microsoft Active Directory Certificate Services server set up in the lab (see Install and configure certificate authority (CA) on Microsoft Windows server with Group Policy). If you have any other CA (certificate authority), you can use the CSR file with it to generate the certificate. Open the CA server web address with the certsrv suffix. Click Request a certificate, then go to Submit an advanced certificate request. Next, choose Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file. Paste the CSR content into the text box. Finally, download the certificate and save it to a file.
Once the certificate is generated, go to IIS Manager. On the IIS Server Certificates page, click Complete Certificate Request in the Actions pane. Provide the file name containing the certification authority's response and a friendly name. I will keep the new certificate saved in the Personal (My) certificate store. Click the OK button. The certificate will now be listed under Server Certificates.
I will apply the certificate to the website. I have only one site, Default Web Site. Click Bindings in the Actions pane on the right-hand side.
In Site Bindings, click the Add button. In Type, select https from the drop-down list, then select the latest SSL certificate we created.
The new port is now listed in Site Bindings. Close the dialog, right-click Default Web Site and, from the context menu, go to Manage Website >> Restart for the changes to take effect.
Verify that the website is running over the https protocol. All looks good.
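The same procedure can be scripted with `certreq` and the WebAdministration module; the block below is an added example, not part of the original article, meant to be run from an elevated PowerShell session on the IIS server. The subject, CA config string and `WebServer` template name are placeholder assumptions to replace with your own values.

```powershell
# Added example. All names below are placeholders (assumptions), not values from the article.
$subject  = 'CN=web01.example.test, OU=IT, O=Example Org, L=Example City, S=Example State, C=US'
$caConfig = 'ca01.example.test\Example-Issuing-CA'   # CAHostName\CAName (placeholder)
$template = 'WebServer'                              # assumed certificate template name
$site     = 'Default Web Site'
$work     = Join-Path $env:TEMP 'iis-csr'
New-Item -ItemType Directory -Path $work -Force | Out-Null

# 1. Request settings: same provider and bit length as chosen in the wizard.
@"
[Version]
Signature = "`$Windows NT`$"
[NewRequest]
Subject = "$subject"
KeyLength = 2048
KeySpec = 1
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
MachineKeySet = TRUE
Exportable = FALSE
RequestType = PKCS10
KeyUsage = 0xa0
[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1
"@ | Set-Content -Path "$work\request.inf" -Encoding ASCII

# 2. Create the key pair and CSR; the private key stays in the machine store.
certreq.exe -new "$work\request.inf" "$work\request.csr"
if ($LASTEXITCODE -ne 0) { throw 'certreq -new failed' }
certutil.exe -dump "$work\request.csr" | Select-String 'Subject:|Public Key Length'

# 3. Submit the CSR to the CA (replaces the certsrv web form).
certreq.exe -submit -config $caConfig -attrib "CertificateTemplate:$template" "$work\request.csr" "$work\web.cer"
if ($LASTEXITCODE -ne 0) { throw 'certreq -submit failed or the request is pending approval' }

# 4. Complete the request: pair the CA response with the pending private key.
certreq.exe -accept -machine "$work\web.cer"
if ($LASTEXITCODE -ne 0) { throw 'certreq -accept failed' }
$thumb = (New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 "$work\web.cer").Thumbprint
if (-not (Get-Item "Cert:\LocalMachine\My\$thumb").HasPrivateKey) { throw 'Certificate has no private key' }

# 5. Add the https binding, attach the certificate, restart the site.
Import-Module WebAdministration
if (-not (Get-WebBinding -Name $site -Protocol https -Port 443)) {
    New-WebBinding -Name $site -Protocol https -Port 443 -IPAddress '*'
}
(Get-WebBinding -Name $site -Protocol https -Port 443).AddSslCertificate($thumb, 'My')
Stop-Website -Name $site; Start-Website -Name $site
```

The `HasPrivateKey` check in step 4 catches the common failure where the CA response is completed on a different machine than the one that generated the CSR.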